bind9 configuration file PROBLEM

Question

I have a pc with debian 9 stretch and a router (Nano Pi r4s with openwrt) both with bind9. I have set the min-cache-ttl parameter of 80000 seconds on debian stretch, and when i try to set it also on the nano pi, it tells me that the maximum can reach 90 seconds !! How is it possible? How can I set a higher value ?? Thank you

debian 9 (/etc/bind/named.conf.options):

options {
        directory "/var/cache/bind";
        listen-on-v6 { none; };
        recursion yes;
        allow-transfer { none; };
        dump-file  "/var/cache/bind/cache.db";
        notify no;
        allow-notify { none; };
        forward only;

        forwarders {
                8.8.8.8;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation no;

        auth-nxdomain no;    # conform to RFC1035
        attach-cache yes;
        min-cache-ttl  86400;
        max-cache-ttl  87000;
        max-cache-size 1024M;
};

Nano PI R4S (/etc/bind/named.conf):

options {
        directory "/var/cache/bind";
        dump-file "/var/cache/bind/cache.db";
        listen-on-v6 { none; };
        recursion yes;
        allow-transfer { none; };
        notify no;
        allow-notify { none; };
        forward only;

        forwarders {
                8.8.8.8;
        };

        auth-nxdomain no;    # conform to RFC1035
        dnssec-validation no;
        attach-cache yes;
        min-cache-ttl  80000; ## ERROR! Max is 90!
        max-cache-ttl  43200;
        max-cache-size 1024M;
};

90 seconds seems to be the maximum value for min-cache-ttl described in the configuration reference...which also says, "...and is truncated to 90 seconds if set to a greater value.".Are you using the same version of bind9 on both platforms? — larsks
– larsks, Commented Aug 3, 2022 at 21:55
@larsks no...bind9 in debian stretch have 9.10..bind9 in openwrt is 9.14... — user377583
– user377583, Commented Aug 4, 2022 at 0:38
In any case, it seems the solution is to set min-cache-ttl to a valid value. — larsks
– larsks, Commented Aug 4, 2022 at 1:25
yes, but i didn't understand why I can't set a higher value! How is it possible that in the previous version I could do it while in this new one I could not? Is there another way to set a higher value? — user377583
– user377583, Commented Aug 4, 2022 at 12:31
The DNS is designed so that the authoritative DNS server sets the TTL for normal (positive) caches. The min-cache-ttl and max-cache-ttl just set lower and upper bounds for what those TTLs can be. Restricting max-cache-ttl to lower than the authoritative server says just causes some extra queries; restricting with min-cache-ttl to higher than the authoritative server says makes your cache sometimes pass off stale data as supposedly valid. In your Nano PI R4S example you're trying to set the min-cache-ttl higher than max-cache-ttl, which is just nonsense. — telcoM
– telcoM, Commented Aug 4, 2022 at 13:46

gapsf · Accepted Answer · 2022-08-05 11:44:03Z

How can I set a higher value ?

Get bind-9.14 sources, change the value of the MAX_MIN_CACHE_TTL and compile the bind package for yourself

How is it possible?

Debian
Before bind-9.13 Debian had their own patch 0003-Add-min-cache-ttl-and-min-ncache-ttl-keywords.patch that added min-cache-ttl feature to their bind package.

Obviously the maximum value for min-cache-ttl was > 90s since there is no checks here https://sources.debian.org/patches/bind9/1:9.10.3.dfsg.P4-12.3+deb9u6/10_min-cache-ttl.diff/#L30

With bind-9.13 Debian removes http://metadata.ftp-master.debian.org/changelogs/main/b/bind9/unstable_changelog there patch since upstream already ported this feature in that version.

OpenWRT
OpenWRT compiles there bind package directly from ISC source files.
Here makefile https://github.com/openwrt/packages/blob/master/net/bind/Makefile

PKG_VERSION:=9.18.4
PKG_SOURCE_URL:= \
    https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
    https://ftp.isc.org/isc/bind9/$(PKG_VERSION)

Also for bind-9.14.2 https://github.com/openwrt/packages/commit/868f29d4ee61205e65994f67f23a02198a9dea33#diff-eb969664858d3b384948d5ecec074c7cf894444a8e293aebb09d21720a00f5b5

In bind min-cache-ttl was added at Nov 14, 2018 and released in version 9.13.4 commit https://github.com/isc-projects/bind9/commit/e9a939841dcf37021aab189caee836bfb59b45dc

min-cache-ttl max value defined here https://github.com/isc-projects/bind9/commit/e9a939841dcf37021aab189caee836bfb59b45dc?diff=unified#diff-d67681a4334d52b7a3e6aa8ff9a56072834cf2f4e5158cbfd4cb3b232c731bf7R24

#define MAX_MIN_CACHE_TTL 90

https://github.com/isc-projects/bind9/commit/e9a939841dcf37021aab189caee836bfb59b45dc?diff=unified#diff-d6bb5d421804dd0a1b7bd92dcd1f76348321360d9dbf5512257c4753cc815443R972

static intervaltable intervals[] = {
...
    { "min-cache-ttl", 1, MAX_MIN_CACHE_TTL },  /* 90 secs */
...
};

So in the bind and therefore in openwrt the maximum value for min-cache-ttl was always 90 from the very beginning.

Thanks very much!

user377583
– user377583

2022-08-05 13:10:34 +00:00
Commented Aug 5, 2022 at 13:10 — user377583
– user377583, Commented Aug 5, 2022 at 13:10

Stack Exchange Network

bind9 configuration file PROBLEM

1 Answer 1

You must log in to answer this question.

Hot Network Questions

bind9 configuration file PROBLEM

1 Answer 1

You must log in to answer this question.

Related

Hot Network Questions